lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <7a71215c-58f4-081b-6a2e-030073f2737e@digikod.net>
Date:   Wed, 3 Nov 2021 13:17:19 +0100
From:   Mickaël Salaün <mic@...ikod.net>
To:     Austin Kim <austindh.kim@...il.com>, serge@...lyn.com
Cc:     linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] landlock: Initialize kernel stack variables properly

Hi Austin,

On 03/11/2021 08:14, Austin Kim wrote:
> In case kernel stack variables are not initialized properly, there might 
> be a little chance of kernel information disclosure. So it is better for 
> kernel stack variables to be initialized with null characters.
> 
> Signed-off-by: Austin Kim <austindh.kim@...il.com>
> ---
>  security/landlock/syscalls.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/security/landlock/syscalls.c b/security/landlock/syscalls.c
> index 32396962f04d..50a6f7091428 100644
> --- a/security/landlock/syscalls.c
> +++ b/security/landlock/syscalls.c
> @@ -320,6 +320,8 @@ SYSCALL_DEFINE4(landlock_add_rule,
>  	if (rule_type != LANDLOCK_RULE_PATH_BENEATH)
>  		return -EINVAL;
>  
> +	memset(&path_beneath_attr, 0, sizeof(path_beneath_attr));
> +

This memset is already done with the copy_from_user() call just below.

>  	/* Copies raw user space buffer, only one type for now. */
>  	res = copy_from_user(&path_beneath_attr, rule_attr,
>  			sizeof(path_beneath_attr));
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ